Several files and authentication information from your RSA Authentication Manager 7.1 installation need to be copied to the Identity Manager installation. The following sections contain instructions for copying these files and pieces of information.
The RSA Authentication Manager files must be copied to the appropriate Identity Manager driver library directory for your installation.
From a command prompt on your RSA Authentication Manager host, change directories to RSA_AM_HOME/appserver/weblogic/server/lib/.
At the command prompt, enter:
java -jar ../../../modules/com.bea.core.jarbuilder_1.0.0.0.jar -profile wlfullclient
Change directories to RSA_AM_HOME/
At the command prompt, enter:
appserver/jdk/bin/jar -xf components/ims/wars/console-ims.war WEB-INF/lib/ims-client.jar
At the command prompt, enter:
appserver/jdk/bin/jar -xf components/ucm/console-ucm.war WEB-INF/lib/ucm-client.jar
Copy the following files in your RSA Authentication Manager server installation to the Identity Manager driver library directory:
RSA_AM_HOME/appserver/license.bea
RSA_AM_HOME/appserver/modules/com.bea.core.process_5.3.0.0.jar
RSA_AM_HOME/appserver/weblogic/server/lib/wlfullclient.jar
RSA_AM_HOME/appserver/weblogic/server/lib/wlcipher.jar
RSA_AM_HOME/appserver/weblogic/server/lib/EccpressoAsn1.jar
RSA_AM_HOME/appserver/weblogic/server/lib/EccpressoCore.jar
RSA_AM_HOME/appserver/weblogic/server/lib/EccpressoJcae.jar
RSA_AM_HOME/utils/jars/am-client.jar
RSA_AM_HOME/utils/jars/systemfields-o.jar
RSA_AM_HOME/utils/jars/thirdparty/axis-1.3.jar
RSA_AM_HOME/utils/jars/thirdparty/commons-beanutils-1.7.0.jar
RSA_AM_HOME/utils/jars/thirdparty/commons-discovery-0.2.jar
RSA_AM_HOME/utils/jars/thirdparty/commons-lang-2.2.jar
RSA_AM_HOME/utils/jars/thirdparty/commons-logging-1.0.4.jar
RSA_AM_HOME/utils/jars/thirdparty/iScreen-1-1-0rsa-2.jar
RSA_AM_HOME/utils/jars/thirdparty/iScreen-ognl-1-1-0rsa-2.jar
RSA_AM_HOME/utils/jars/thirdparty/jdom-1.0.jar
RSA_AM_HOME/utils/jars/thirdparty/jsafe-3.6.jar
RSA_AM_HOME/utils/jars/thirdparty/jsafeJCE-3.6.jar
RSA_AM_HOME/utils/jars/thirdparty/log4j-1.2.11rsa-3.jar
RSA_AM_HOME/utils/jars/thirdparty/ognl-2.6.7.jar
RSA_AM_HOME/utils/jars/thirdparty/spring-2.0.7.jar
RSA_AM_HOME/WEB-INF/lib/ims-client.jar
RSA_AM_HOME/WEB-INF/lib/ucm-client.jar
When you install RSA Authentication Manager, the system creates a self-signed root certificate and stores it in RSA_AM_HOME/server/security/server_name.jks. You must export this certificate from the server, and import it into a Java keystore file for the RSA driver. Use the Java keytool, as described below, to create the necessary Java keystore file for the RSA driver.
To export the server root certificate:
Change directories to RSA_AM_HOME/appserver/.
At the command prompt, enter:
jdk/jre/bin/keytool -export -keystore RSA_AM_HOME/server/security/server_name.jks -file am_root.cer -alias rsa_am_ca
At the prompt for the keystore_password, press Enter without typing a password.
A warning screen is displayed, but the server root certificate is still exported.
The Java keytool outputs the certificate file to the directory specified in Step 1.
Import the certificate into a new Java keystore by entering:
keytool -import -keystore trust.jks -storepass changeit -file am_root.cer -alias rsa_am_ca -trustcacerts
You must provide a cacerts keystore password to import the server root certificate into a Java keystore. The Java default is changeit.
The Java keytool displays a confirmation that the certificate was added to the keystore.
Copy the newly created trust.jks file to your driver library directory.
When you install RSA Authentication Manager, the system creates a command client username and password for secure connections to the command server. This username and password are randomly generated on creation, and are unique to each deployment.
You need to set command client and username values in the driver configuration for connection to the command server. Use the Manage Secrets utility as described in the following procedure to obtain these values from Authentication Manager.
From a command prompt on your RSA Authentication Manager host, change directories to RSA_AM_HOME/utils.
At the command prompt, enter:
rsautil manage-secrets --action list
When prompted, enter your master password.
The system displays the list of your internal system passwords.
Locate the values for your command client username and password. For example:
Command Client User Name: CmdClient_vKr0bLK0
Command Client User Password: f0SHbK2W4i
These are the values that you must use for the driver configuration values for the command client username and password. Take note of these values for driver configuration. For more information, see Section A.1.5, Driver Parameters.
IMPORTANT:Do not change the command client username and password. Any change to these values can cause serious issues in the operation of RSA Authentication Manager.
For the RSA driver to communicate correctly with RSA Authentication Manager, Java startup properties for Identity Manager must be added.
From the Control Panel, select the
icon.Click the
tab.Click
.Do one of the following:
Under
, click .In the
field, enter:DHOST_JVM_OPTIONS
IMPORTANT:The variable name must be all in capital letters.
In the
field, add the following text, ensuring that it is properly separated from any existing text by a space character:-Dsun.lang.ClassLoader.allowArraySyntax=true
Click
in each dialog box until they are closed.Set or modify the DHOST_JVM_OPTIONS environment variable to the following:
-Dsun.lang.ClassLoader.allowArraySyntax=true